Latest Cybersecurity News | Cisco has released a patch for a critical vulnerability in Cisco Video Surveillance Manager (VSM) software
Cisco has released a patch for a critical vulnerability in Cisco Video Surveillance Manager (VSM) software which could allow attackers to execute arbitrary commands on the Targeted system.On September 21st Cisco released an advisory regarding a vulnerability in Cisco Video Surveillance Manager (VSM) software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms.The vulnerability could allow unauthenticated and remote attackers to execute an arbitrary command on the targeted systems.In certain systems, the root user has default, static user credentials which can be exploited by the attackers to log in to the targeted system as the root user."A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials." said in the advisory published by Cisco.Cisco forgot to disable the root accounts in the VSM software before they installed the software in the systems.By exploiting this flaw, an attacker can log in to the system as a root user and execute arbitrary commands.The vulnerability affects Cisco Video Surveillance Manager (VSM) Software releases 7.10, 7.11, and 7.11.1. The vulnerability only affects if the software was pre-installed by Cisco and is running on the following Cisco Connected Safety and Security Unified Computing System (UCS) platforms:
- CPS-UCSM4-1RU-K9
- CPS-UCSM4-2RU-K9
- KIN-UCSM5-1RU-K9
- KIN-UCSM5-2RU-K9
You may be interested in reading:Thousands of Wordpress Websites Hacked and Injected with Malicious Codes